NIST Seeking Public Comment on AI Agent Security (Deadline: March 9, 2026)

https://www.federalregister.gov/documents/2026/01/08/2026-00206/request-for-information-regarding-security-considerations-for-artificial-intelligence-agents

19•ascarola•1h ago

Comments

ascarola•1h ago

NIST is requesting public input on security practices for AI agent systems - autonomous AI that can take actions affecting real-world systems (trading bots, automated operations, multi-agent coordination).

Key focus areas: - Novel threats: prompt injection, behavioral hijacking, cascade failures - How existing security frameworks (STRIDE, attack trees) need to adapt - Technical controls and assessment methodologies - Agent registration/tracking (analogous to drone registration)

This is specifically about agentic AI security, not general ML security - one of the first formal government RFIs on autonomous agents.

Comments from practitioners deploying these systems would be valuable.

Deadline: March 9, 2026, 11:59 PM ET Submit: https://www.regulations.gov/commenton/NIST-2025-0035-0001

Priority questions (if limited time): 1(a), 1(d), 2(a), 2(e), 3(a), 3(b), 4(a), 4(b), 4(d)

Full 43-question RFI at link above.

cyanydeez•1h ago

Best security is a proper liability process for damages caused by publically accessible LLMs followed by users.

beej71•16m ago

War Operations Plan Response.

totetsu•13m ago

With this renaming of AISI to CAISI[1], and the resignation of its founding director[2] Elizabeth Kelly, It seems that the position has sifted to, don't let any concerns about social harms stop tech companies doing what ever they want, and also lets make a show of how bad China is. I think any public comment outside of the narrow definition of AI Risk as risk to national security, might fall on deaf ears.

[1] https://www.commerce.gov/news/press-releases/2025/06/stateme... [2] https://www.reuters.com/technology/us-ai-safety-institute-di...

snowhale•3m ago

The framing of AI agent 'security' in most regulatory discussions conflates two distinct problems: (1) agent action authorization — does the agent have permission to take this action on behalf of this user, and (2) agent context integrity — is the information the agent is acting on accurate and untampered.

Most current frameworks focus on (1) and miss (2). An agent that has perfect permission controls but draws from a poisoned or incomplete context window is still dangerous. For operations use cases, context integrity is arguably the harder problem — agents pulling from CRM, email, and ticketing systems simultaneously have large attack surfaces through injected data.

The NIST RFI would benefit from a clearer taxonomy here. Authorization and context integrity require different mitigations.

They Fought for the CIA in Afghanistan. In America, They're Living in Fear

It might be time to say goodbye to HTML inputs

An online book about how ChatGPT works

Blood test boosts Alzheimer's diagnosis accuracy to 94.5%, clinical study shows

Saturated ARC-AGI-2

Google, Apple start testing encrypted RCS on Android and iOS 26.4

Show HN: Falcon – Chat-first communities built on Bluesky AT Protocol

Some things we've learned about GPU textures at planetary scales

What's in the Housing for the 21st Century Act?

Ask HN: Posthotty.com I kindly ask for feedback to improve my AI vibed website

Uber launches autonomous vehicles services venture in robotaxi push

Panasonic, the former plasma king, will no longer make its own TVs

Show HN: Mouse Tester – visualize raw mouse input in the browser

The Oral Microbiome and Systemic Health: The Mouth-Body Connection

Say Goodbye to the Undersea Cable That Made the Global Internet Possible

The Agentic Data Stack

GitHub Actions Pull_request_target vs. Apache NuttX RTOS

Web page design studio – Part one: User-friendly visuals, and responsive design

Director of Safety and Alignment meta gave clawdbot full-access to her computer

Does anyone use CrewAI or LangChain anymore?

I created an AI chat app with pure HTML

A Short Chat with Claude

Show HN: An LLM powered social network for developers

Show HN: PaperBanana – Paste methodology text, get publication-ready diagrams

Show HN: Dress – A parameter-free O(E) graph equation that provably exceeds 1-WL

Show HN: I built a personal AI agent that runs 24/7 on my home server

Servo web rendering engine by The Linux Foundation

Show HN: New iOS app to track your deadlifts

Show HN: X86CSS – An x86 CPU emulator written in CSS

Against AI Enthusiasm and AI Fear: The Interface Problem